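---
# Ansible variables (templated with inventory_hostname / hostvars) for a VM
# that terminates WireGuard tunnels and forwards selected TCP ports from its
# overlay address to hosts behind those tunnels.
#
# NOTE(review): this layout was restored from a copy whose indentation was
# lost. Nesting follows the references made inside this file
# (install.interfaces, network.primary.*, wireguard_keys.*.priv); the
# placement of install.disks is inferred. Confirm against the consuming role.

# VM provisioning parameters.
install:
  vm:
    memory: 1G
    numcpus: 1
    autostart: true
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 5g
  interfaces:
    - bridge: br-public
      name: primary0

# Guest network configuration, derived from the VM host's bridge definitions.
network:
  nameservers: "{{ vm_host.network.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # Anchored so network.interfaces can reuse the same mapping via the alias.
  primary: &_network_primary_
    name: primary0
    # Address picked from the public bridge prefix by this host's offset.
    address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}"
    # Same lookup for the VM host, reduced to a bare address (no prefix length).
    gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}"
    template: overlay
    # Overlay address with the "/prefix" part stripped by split('/')[0].
    overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}"
  interfaces:
    - *_network_primary_

# The overlay address is also what the SNAT and port-forwarding rules below
# use as their external side.
external_ip: "{{ network.primary.overlay }}"

# WireGuard key pairs. Public keys are not secret and are stored inline.
# Private keys are only referenced through vault_* variables, so no private
# key material appears in this file.
# NOTE(review): presumably the vault_* variables live in an Ansible
# Vault-encrypted vars file; confirm that file is encrypted in the repository.
wireguard_keys:
  elemedia:
    pub: "1GdTR5ehIcSVvwdWWsKitRjzcm1gY3Z9ASzJAuN7VH0="
    priv: "{{ vault_wireguard_priv_keys.elemedia }}"
  emc:
    pub: "xgBLLDTRrVxUG0BEr0gNQ6ofkXSRDQR7OXilxCCwtxs="
    priv: "{{ vault_wireguard_priv_keys.emc }}"

# Gateway tunnels, keyed by WireGuard interface name.
wireguard_gateway_tunnels:
  wg-elemedia:
    description: Elevate Media Server (media.elev8.at)
    priv_key: "{{ wireguard_keys.elemedia.priv }}"
    # NOTE(review): no listen_port is set here, unlike the disabled wg-emc
    # entry and wireguard_p2p_interface. Whether the role applies a default
    # cannot be told from this file; confirm so firewall rules match.
    addresses:
      - 192.168.254.1/30
    ip_snat:
      interface: "{{ network.primary.name }}"
      to: "{{ network.primary.overlay }}"
    port_forwardings:
      - dest: "{{ network.primary.overlay }}"
        # Presumably "port on dest: backend host:port" (confirm in the role).
        # Keys stay unquoted so their parsed type does not change. Values are
        # quoted so no parser can type a digits-and-colons scalar as a number.
        # NOTE(review): 322 -> :222 differs from the 80/443 pass-throughs;
        # verify this port is meant to be reachable on the overlay address
        # and restrict allowed sources if the role supports it.
        tcp_ports:
          80: "192.168.254.2:80"
          443: "192.168.254.2:443"
          322: "192.168.254.2:222"
    peers:
      - pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}"
        # A single /32: the peer may only source traffic from this address.
        allowed_ips:
          - 192.168.254.2/32
  # Disabled tunnel, kept for reference. If it is re-enabled, review the
  # 192.168.20.0/24 entry: it admits a whole subnet from the peer, not a
  # single host.
  # wg-emc:
  #   description: Elevate Media Channel
  #   priv_key: "{{ wireguard_keys.emc.priv }}"
  #   listen_port: 51821
  #   addresses:
  #     - 192.168.254.5/30
  #   ip_snat:
  #     interface: "{{ network.primary.name }}"
  #     to: "{{ network.primary.overlay }}"
  #   port_forwardings:
  #     - dest: "{{ network.primary.overlay }}"
  #       tcp_ports:
  #         422: 192.168.254.6:222
  #   peers:
  #     - pub_key: "{{ hostvars['ele-router'].wireguard_keys.gwhetzner.pub }}"
  #       allowed_ips:
  #         - 192.168.254.6/32
  #         - 192.168.20.0/24

# Point-to-point management tunnel. The private key comes from a vault_*
# variable and the only peer is pinned to a single /32 address.
wireguard_p2p_interface:
  name: wg-thetys
  description: external management interface for thetys
  priv_key: "{{ vault_wireguard_p2p_interface.priv_key }}"
  listen_port: 51920
  addresses:
    - 192.168.123.1/30

wireguard_p2p_peers:
  - pub_key: "RDNeaG06AUkEZqEr/v3zTidroGfTBTsXluOx2ArITyE="
    allowed_ips:
      - 192.168.123.2/32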